From: Mattias R. <ho...@ly...> - 2009-10-22 15:30:59
|
Hi, I want to use IPcomp, but without any kind of IPsec. My understanding is that IPcomp (protocol-wise) has no dependency on IPsec, but from a Linux tools perspective, I need to use the IPsec tools to configure the kernel. I've tried using setkey (from ipsec-tools 0.7) on my Ubuntu PC running kernel 2.6.28 with the following config: add 10.0.0.1 192.168.1.1 ipcomp 2010 -C deflate; add 192.168.1.1 10.0.0.1 ipcomp 1020 -C deflate; spdadd 150.132.87.148 192.168.1.1 any -P out ipsec ipcomp/transport//require; spdadd 192.168.1.1 150.132.87.148 any -P in ipsec ipcomp/transport//require; But when I ping 192.168.1.1 from 10.0.0.1, no packets leave the 10.0.0.1 host. Which mode (tunnel or transport, in the policy) should I be using? I would like to select "none", but there isn't any such option. Is this even possible to configure? Any help is appreciated. Best regards, Mattias |